﻿@page "/"
@namespace VueBffProxy.Pages
@using System.Net;
@using NetEscapades.AspNetCore.SecurityHeaders;
@inject IHostEnvironment hostEnvironment
@inject IConfiguration config
@inject Microsoft.AspNetCore.Antiforgery.IAntiforgery antiForgery
@addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers
@{
    Layout = null;

    var source = "";
    if (hostEnvironment.IsDevelopment())
    {
        var httpClient = new HttpClient();
        source = await httpClient.GetStringAsync($"{config["SpaDevServerUrl"]}/index.html");    
    }
    else
    {
        source = await System.IO.File.ReadAllTextAsync($"{System.IO.Directory.GetCurrentDirectory()}{@"\wwwroot\index.html"}");
    }

    //生成随机数
    var nonce = HttpContext.GetNonce();

    // The nonce is passed to the client through the HTML to avoid sync issues between tabs
    source = source.Replace("**REPLACE_THIS_VALUE_WITH_SAFE_NONCE**", nonce);

    var nonceScript = $"<script nonce=\"{nonce}\" ";
    source = source.Replace("<script ", nonceScript);

    // link rel="stylesheet"
    var nonceLinkStyle = $"<link nonce=\"{nonce}\" rel=\"stylesheet";
    source = source.Replace("<link rel=\"stylesheet", nonceLinkStyle);


    //******以下处理将由XSRFTokenMiddleware接管处理************
    //var xsrf = antiForgery.GetAndStoreTokens(HttpContext);
    //var requestToken = xsrf.RequestToken;
    
    // The XSRF-Tokens are passed to the client through cookies, since we always want the most up-to-date cookies across all tabs
    //Response.Cookies.Append("XSRF-RequestToken", requestToken ?? "", new CookieOptions() { HttpOnly = false, IsEssential = true, Secure = true, SameSite = SameSiteMode.Strict });

    }

@Html.Raw(source)
